# 34 million percent gain

I keep a spreadsheet of my investments and one of my favorite things the spreadsheet does is track not just the average cost of the investments, but overall how much it is worth over the net amount of money spent on the investment (accounting for dividends and so forth). It also tracks reportable gains or losses using average cost or by identifying shares sold. As I held onto investments for longer periods of time, I wanted to get an average annual return, so I came up with a formula based on the date I first buy shares in something to set a timeline up to now. And it uses exponents correctly so it doesn’t just say that if you have a 50% gain over 5 years that you have a 10% annual return (it would really be more like 8.4% annually with compounding). The flip side of that is if I buy something and it goes up even a small amount after the first day (a tiny fraction of a year), it shows a ridiculous annual percentage increase. Now, I don’t like to brag about stock picks because I am losing money on the year, but I did buy some Bank of America one week ago (not enough to make a difference since most of my money stays in mutual funds). I bought at \$6.50 a share and soon it was down as low at \$6.01 a share. But then Warren Buffet made a play and it went up over 20% during one day (less than that by the end of the day). And my spreadsheet showed some ridiculous percentage increase. But it has kept going up for a couple of days. Usually by a week, the percent gain drops to something reasonable, but right now my investment (on paper) is up 28% in a week. In fact the percentage is so high that Excel just showed #######, meaning the number is too large to fit in the square (as an investor this is something that makes you feel pretty good, like on the Dukes of Hazzard when Boss Hogg was calculating how much some scam of his would make on his calculator. Once he pressed the equals button he hollered for delight. Roscoe asked him “How much will we make?” And he said with great glee: “This calculator don’t go that high!”). It turns out that if you take into account compounding, 28% in a week gives me an equivalent annual return of 34,753,785% which would make me a millionaire by the end of the year (really in almost exactly 28 weeks). Actually I won’t last nearly that long because I put in a sell order when it goes up by 50% (I usually do 20%, so this is almost certain to backfire).

After getting the Flashlight Wiki secured, I wanted to upgrade the MediaWiki software to the latest version. I am running v1.16 from when I installed it last year, but since then they have come out with v.1.17. I’m not sure that 1.17 offers a whole lot, but I thought I would try the upgrade. I have been doing backups of the wiki almost weekly. I export the MySQL database that the wiki is based on, compressing it to a zip file first. This is about 1.5MB. Periodically I will also create a zip archive of the entire wiki folder and all the files it contains. This archive is about 20MB. It has all the images, all the installation files, the settings, and pretty much everything that makes it work except the content which is all in the database. Actually it has the content as well since the pages are actually generated and cached in folders.

# ASIRRA Security by Cats

I had a lot of success recently adding security questions to a community bulletin board to stop bots from registering and attempting to spam the forum. I have the same problem on the flashlight wiki, but it hasn’t gotten out of hand yet. Lately I have been getting one or two bot registrations a day. Just like on the bulletin board, registering doesn’t allow them to post spam, they still have to be confirmed by me to post anything. But I still go in and block them which takes a little time. So I was looking for a way to add security questions like I did for the bulletin board. I like the security questions because they are so easy for users to get correct (unlike the blurry text used in CAPTCHA systems). (To be fair, ReCAPTCHA, where you enter two blurry words, does have a practical purpose in helping to convert scanned books into text.)

But all I was finding for wikis was an extension called ConfirmEdit that is meant to flash a CAPTCHA every time someone makes an edit, which wasn’t what I wanted. I should have read more about it though. CAPTCHA doesn’t necessarily involve blurry text, it just means “Completely Automated Public Turing test to tell Computers and Humans Apart,” which can be any kind of test. And in fact, ConfirmEdit has several choices including blurry text, asking simple questions, asking the user to solve simple math problems, and one that involves the user identifying pictures of cats. Yes, pictures of cats. People can easily recognize whether a picture shows a dog or a cat, but this is much more difficult for a computer. Microsoft has developed a system called ASIRRA (“Animal Species Image Recognition for Restricting Access”) which shows you twelve thumbnail pictures of animals. You then click on only the pictures that are cats. The thumbnails are pretty tiny, but a bigger version pops up when your mouse is over the picture. Some people might still have a hard time, for instance if they are blind, though I doubt many people interested in flashlights are blind. Also some of the pictures can be kind of blurry, but you can get a new set of images if you want. The pictures themselves come from millions of pictures stored at petfinder.com and you could even adopt the dogs or cats shown if you want (this is why they make their database available). You can try it at ASIRRA.

Additionally, ConfirmEdit can be configured to control several different types of events, not just confirming edits. One of the options is for new user registration. Perfect.

Well, I had to try out the cat thing. It was pretty easy to install the ConfirmEdit extension and add a couple of lines to my localsettings.php file in my Wiki installation, but it didn’t work because I didn’t realize I also needed to install the ASIRRA extension (supposedly ConfirmEdit includes ASIRRA by default, but it didn’t). Once I got that done, I configured it so that the only time it would use ASIRRA was when a new person registered. I already have anonymous edits turned off and only users that are confirmed by me are allowed to edit, so I’m not worried about spammers, just new registrations. I really like this idea.

This weekend Jeb convinced me to sign up with Facebook again. I had done this before for a couple of weeks before I just got spooked by the excessive connectiveness and lack of privacy. Then I got an ad saying Mom had recommended some kind of dating service, when she says she didn’t do that. So then it seemed to be all about me sharing tons of private information which was being used against me dishonestly.

When I signed back up, they hadn’t really deleted any of the old information or my friends from the last time. Even my password was the same. So the first thing I did was set my privacy settings so only friends could see what I am doing, then I got rid of most of my old friends who were mostly people from high school that I don’t keep up with and some of them I didn’t even know.

So I had things a little more under control. And I like being able to see what’s going on with the family. So maybe I’ll stick with it. But Facebook continues to freak me out. I got some friend recommendations like Facebook does. Usually they seem to be people who are friends with my friends, like Bob. But somehow there were two people with whom I didn’t have any common friends. One was the person who found the dog I fostered this year, and the other was a guy in California that I bought some flashlight parts from. What? I sent these people e-mails, so can Facebook read my e-mails that had nothing to do with Facebook and were sent after I left Facebook? Who knows? Maybe Yahoo is sharing my e-mails with Facebook. Or it could be these people are sharing their e-mails or contacts with Facebook, so Facebook knows I know them.

So Facebook is still awful, but I think I’ll stay with it for another day or two anyway.

# Fighting the Russians, Part 2

In Part 1, I was fighting bogus membership registrations on my community bulletin board by blocking IP addresses and certain e-mail domains. It was fairly effective for a while, but lately I was getting 10-20 bogus signups and the blocked IP addresses, which I could see were blocking people every day, could not keep up. It was also a pain to look up an IP address (to see where they were coming from, usually Russia, Ukraine, Poland, etc., but also France, China, Africa, even places in the US that wouldn’t be interested in my bulletin board). Given all the different IP addresses using the same or similar e-mail addresses, I think the spammers were somehow spoofing IP addresses. They may have been using computers in other places that had been infected or something, but that seems unlikely just because it would be harder to do (though I don’t know how hard it is to spoof an IP address either).

So I got rid of the Captcha (the blurry letters or numbers that you have to read to prove you’re a real person) and added a plug-in that asks a simple question like “What is the capital of our state?” (that question has the advantage that anyone local will know the answer, but you can’t Google the answer). I had never installed a plug-in with MyBB, but it wasn’t that bad actually. I downloaded a file, unzipped it, and had to place about 8 files in the right place on my installation, and then I was able to use MyBB’s control panels to activate the plug-in and customize the questions. I tried registering a couple of times and was able to register by answering the question correctly. The control panel for the questions shows me the percentage of people getting the answer to the questions correct.

After a day, I have gotten no spam registrations (and no real ones either since the bulletin board is barely active), though my IP blocks still show they are blocking some people. I am not sure if the Captcha was hacked so that a bot could read those letters or if people were reading them and registering or some combination where people read the Captcha and then a robot does the registration. Whatever, I like that the Captcha is gone because sometimes I have a hard time reading those anyway, and answering the question should be really much easier and more effective.